CNNVD-202507-1563 Information

CNNVD ID

CNNVD-202507-1563

CVE-2025-24798

  • CNNVD Published: 2025-07-10

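Description (translated from Chinese)

Meshtastic device firmware is open-source firmware from Meshtastic for running an open-source, off-grid, decentralized mesh network on Meshtastic devices. Meshtastic device firmware versions from 1.2.1 up to, but not including, 2.6.2 contain a security vulnerability: the routing module may crash when it handles a packet containing want_response==true.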

Description (English)

Meshtastic device firmware is the open-source firmware that Meshtastic devices run to form an off-grid, decentralized mesh network. Versions from 1.2.1 up to, but not including, 2.6.2 contain a security vulnerability that stems from a possible crash when the routing module processes a packet containing want_response==true.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

MessagePack

Published

2025-07-10

Last Modified

2026-02-24

References

  • https://github.com/meshtastic/firmware/commit/dc100e4d3e3dfbf58d3ead8141a49cddb0cbdc19
  • https://github.com/meshtastic/firmware/security/advisories/GHSA-4q84-546j-3mf5
  • https://github.com/meshtastic/firmware/blob/cdcbf4c61550e45c125e17a20aff4275e9389655/src/modules/RoutingModule.cpp#L44-L48
  • https://nvd.nist.gov/vuln/detail/CVE-2025-24798
  • https://access.redhat.com/security/cve/cve-2025-24798

Patch

https://github.com/meshtastic/firmware/releases
